Skip to main content
  1. Home
  2. Computing
  3. News

Internet Explorer Zero-Day Bug Used in Google Attack

Geoff Duncan
By
internet-explorer-logo

Microsoft has acknowledged a so-called zero-day vulnerability in Microsoft Internet Explorer was used in attacks on Google and 20 or more other companies doing business doing business in China. Microsoft’s notification about the flaw coincided with a public statement from computer security firm McAfee, describing the bug and how it was used to target Google and other corporate networks.

The flaw impacts all officially supported combinations of Microsoft’s Internet Explorer browser and Windows operating system, with the sole exception of using very-old Internet Explorer 5.01 on Windows 2000 Service Pack 4. That means that essentially anyone using Internet Explorer 6, 7, or 8 on Windows 2000 SP4, Windows XP, Windows Vista, Windows 7, and Windows Server is vulnerable to the problem, across both 32- and 64-bit versions of the operating systems.

Attackers—which VeriSign’s iDefense has identified as the Chinese government or agents thereof—exploited the flaw by sending messages to targeted Google employees, forged to look like they were from a trusted source. If a user clicked a malicious link in the message, the users’ computers were compromised, downloading and installing backdoor software that enabled attackers to gain complete control of the computer. Presumably, from there, attackers monitored computer usage and data in an effort to obtain passwords and other valuable information.

McAfee is dubbing the attacks against Google and other companies’ operations in China “operation Aurora” because the word “Aurora” appears in file paths included in two of the malware binaries associated with the attack. The pathname would presumably have come from the attackers’ systems. McAfee describes “Operation Aurora” as a coordinated, highly targeted attack going after high profiled companies and their intellectual property, coordinated to take place while many employees were away on December holidays to maximize the amount of time the attack could operate. “All I can say is wow,” wrote McAfee CTO George Kurtz. “The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

Editors' Recommendations

Topics
How to schedule an email in Outlook
Scheduling an email in Outlook in Firefox on a MacBook.
These 7 AI creation tools show how much AI can really do
Metaphor works like DALL-E and Stable Diffusion but uses AI to fill in prompts with links instead of text or images.
How to recall an email in Outlook
outlook email
The best web browsers for 2023
Lenovo IdeaPad 530S
The best PC power supply for 2023
PC power supply in a case.
ChatGPT has a new way to detect its own plagiarism
The ChatGPT chatbot by OpenAIis now available for testing as a as a free research preview this week.
Samsung Galaxy Book 3 Ultra vs. MacBook Pro 16-inch
Someone typing on the Samsung Galaxy Book 3 Ultra.
The Galaxy Book 3 Ultra is Samsung’s most powerful laptop ever
Samsung Galaxy Book3 Ultra laptop.
Nvidia may have another monster GPU in the works, and the price could be outrageous
GeForce RTX logo is shown on the side of a graphics card.
AMD’s Ryzen 9 7950X3D pricing keeps the pressure on Intel
A hand holding AMD's Ryzen 9 7950X3D processor.
What is ChatGPT Plus? Everything we know about the premium tier
Close up of ChatGPT and OpenAI logo.
ChatGPT Plus to bring priority access during peak times — at a hefty price
ChatGPT and OpenAI logos.
Usually $3,879, this Lenovo laptop is down to $1,479 today
Opened Lenovo ThinkPad X1 Extreme Gen 4 sitting on the ground.